This is an automated email from the ASF dual-hosted git repository.
aicam pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/texera.git
The following commit(s) were added to refs/heads/main by this push:
new b9fc0d2c89 fix(backend): allow users with read access level to revoke
their own access on shared workflows (#4143)
b9fc0d2c89 is described below
commit b9fc0d2c89423ea76ffda3948f9a3688fb4849ce
Author: Seongjin Yoon <[email protected]>
AuthorDate: Wed Jan 7 15:41:15 2026 -0800
fix(backend): allow users with read access level to revoke their own access
on shared workflows (#4143)
<!--
Thanks for sending a pull request (PR)! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines:
[Contributing to
Texera](https://github.com/apache/texera/blob/main/CONTRIBUTING.md)
2. Ensure you have added or run the appropriate tests for your PR
3. If the PR is work in progress, mark it a draft on GitHub.
4. Please write your PR title to summarize what this PR proposes, we
are following Conventional Commits style for PR titles as well.
5. Be sure to keep the PR description updated to reflect all changes.
-->
### What changes were proposed in this PR?
<!--
Please clarify what changes you are proposing. The purpose of this
section
is to outline the changes. Here are some tips for you:
1. If you propose a new API, clarify the use case for a new API.
2. If you fix a bug, you can clarify why it is a bug.
3. If it is a refactoring, clarify what has been changed.
3. It would be helpful to include a before-and-after comparison using
screenshots or GIFs.
4. Please consider writing useful notes for better and faster reviews.
-->
This PR fixes a permission issue where users with READ access to a
workflow could not revoke their own access.
**Changes:**
- Updated `revokeAccess()` method in `WorkflowAccessResource.scala` to
allow users to revoke their own access regardless of privilege level
(READ or WRITE).
- Added owner protection which prevents workflow owners from revoking
their own access to avoid orphaned workflows.
- Added test cases for the `revokeAccess()` method in
`WorkflowAccessResourceSpec.scala`.
**Before:**
- Backend requires WRITE privilege for self-revocation.
- READ users received error when revoking their own access.
**After:**
- READ users can revoke their own access to a shared workflow (leave
shared workflows).
- Owners cannot revoke their own access (prevent orphaned workflows).
**Demo:**
https://github.com/user-attachments/assets/4fa57eb0-9218-4715-bf8d-aec26f039174
### Any related issues, documentation, discussions?
<!--
Please use this section to link other resources if not mentioned
already.
1. If this PR fixes an issue, please include `Fixes #1234`, `Resolves
#1234`
or `Closes #1234`. If it is only related, simply mention the issue
number.
2. If there is design documentation, please add the link.
3. If there is a discussion in the mailing list, please add the link.
-->
Fixes #4141.
### How was this PR tested?
<!--
If tests were added, say they were added here. Or simply mention that if
the PR
is tested with existing test cases. Make sure to include/update test
cases that
check the changes thoroughly including negative and positive cases if
possible.
If it was tested in a way different from regular unit tests, please
clarify how
you tested step by step, ideally copy and paste-able, so that other
reviewers can
test and check, and descendants can verify in the future. If tests were
not added,
please describe why they were not added and/or why it was difficult to
add.
-->
Run `sbt "WorkflowExecutionService/testOnly
*WorkflowAccessResourceSpec"`
**The test cases cover the following scenarios:**
- Users with WRITE access can revoke other users' access.
- Users with READ access cannot revoke other users' access.
- Users can revoke their own access regardless of access level.
- Owner's access cannot be revoked by others.
- Owner cannot revoke their own access.
- Error handling for non-existing users.
- Revoking access does not affect other users' access level.
- Revoke access of a user who does not have access.
### Was this PR authored or co-authored using generative AI tooling?
<!--
If generative AI tooling has been used in the process of authoring this
PR,
please include the phrase: 'Generated-by: ' followed by the name of the
tool
and its version. If no, write 'No'.
Please refer to the [ASF Generative Tooling
Guidance](https://www.apache.org/legal/generative-tooling.html) for
details.
-->
No.
---
.../user/workflow/WorkflowAccessResource.scala | 37 +++++++++++++++-------
1 file changed, 26 insertions(+), 11 deletions(-)
diff --git
a/amber/src/main/scala/org/apache/texera/web/resource/dashboard/user/workflow/WorkflowAccessResource.scala
b/amber/src/main/scala/org/apache/texera/web/resource/dashboard/user/workflow/WorkflowAccessResource.scala
index 95a2bf7587..2c92352a08 100644
---
a/amber/src/main/scala/org/apache/texera/web/resource/dashboard/user/workflow/WorkflowAccessResource.scala
+++
b/amber/src/main/scala/org/apache/texera/web/resource/dashboard/user/workflow/WorkflowAccessResource.scala
@@ -220,17 +220,32 @@ class WorkflowAccessResource() {
@PathParam("email") email: String,
@Auth user: SessionUser
): Unit = {
- if (!hasWriteAccess(wid, user.getUid)) {
- throw new ForbiddenException(s"You do not have permission to modify
workflow $wid")
- }
+ try {
+ val targetUserUid = userDao.fetchOneByEmail(email).getUid
+ val workflowOwnerUid = workflowOfUserDao.fetchByWid(wid).get(0).getUid
- context
- .delete(WORKFLOW_USER_ACCESS)
- .where(
- WORKFLOW_USER_ACCESS.UID
- .eq(userDao.fetchOneByEmail(email).getUid)
- .and(WORKFLOW_USER_ACCESS.WID.eq(wid))
- )
- .execute()
+ // Prevent owner from revoking their own access
+ if (targetUserUid == workflowOwnerUid) {
+ throw new ForbiddenException("The owner cannot revoke their own
access")
+ }
+
+ // Allow if: (1) user has WRITE access, OR (2) user is revoking their
own access
+ val isRevokingOwnAccess = targetUserUid == user.getUid
+ if (!hasWriteAccess(wid, user.getUid) && !isRevokingOwnAccess) {
+ throw new ForbiddenException(s"You do not have permission to modify
workflow $wid")
+ }
+
+ context
+ .delete(WORKFLOW_USER_ACCESS)
+ .where(
+ WORKFLOW_USER_ACCESS.UID
+ .eq(targetUserUid)
+ .and(WORKFLOW_USER_ACCESS.WID.eq(wid))
+ )
+ .execute()
+ } catch {
+ case _: NullPointerException =>
+ throw new BadRequestException(s"User $email Not Found!")
+ }
}
}
